Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
yet another 7601 RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    I got the FBI Pak Ransomware yesterday.  Either AVG or Combofix got rid of it today - but upon rebooting I get the 7601 watermark.  I bought this pc directly from Dell. when I boot I get the error c\user\kevin\appdata\roaming\wmcrsr.dll is missing. Google gets no hits on wmcrsr.dll  Here is the info (had to delete the http in URL cause forum wouldnt allow - thanks for your help):

    her data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A7FF82E6-89F9-4793-8E38-1BAA0F993567}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RMV82</PKey><PID>00359-OEM-8992687-00095</PID><PIDType>2</PIDType><SID>S-1-5-21-617845439-3955016971-702090360</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>XPS 8300  </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="6"/><Date>20111017000000.000000+000</Date></BIOS><HWID>1C6C3607018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>FX09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800095-02-1033-7601.0000-0312012
    Installation ID: 021246879266815136609173004672756206737065794643471272
    Processor Certificate URL: //go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: //go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: //go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: //go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: RMV82
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 9/24/2012 9:30:34 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 8:4:2012 05:34
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LgAAAAEAAQABAAEAAAACAAAAAgABAAEAln2k0i4LUAR0RnC6Yj3WylIO8msucw==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    FX09  
      FACP   DELL    FX09  
      HPET   DELL  FX09
      MCFG   DELL  FX09
      SSDT   AMICPU  PROC
      SLIC   DELL    FX09  
      OSFR   DELL    FX09 

    Tuesday, September 25, 2012 4:44 AM

Answers

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    7601 simply means Windows 7 Service Pack 1.  It is not an error message.  If you are getting a non-genuine message then you need to run the full, unedited MGADiag report.  What you have posted is a very incomplete report.  To run the report please follow the instructions in the sticky at the top of this forum titled, Please Read Before Posting.

    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 8GB ram.

    Tuesday, September 25, 2012 7:33 AM
    Answerer
  • Question
    Sign in to vote
    0
    Sign in to vote

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-QCPVQ-KHRB8-RMV82
    Windows Product Key Hash: +Rj3N34NLM2JqoBO/OzgzTZXgbY=
    Windows Product ID: 00359-OEM-8992687-00095
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {A7FF82E6-89F9-4793-8E38-1BAA0F993567}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120503-2030
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A7FF82E6-89F9-4793-8E38-1BAA0F993567}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RMV82</PKey><PID>00359-OEM-8992687-00095</PID><PIDType>2</PIDType><SID>S-1-5-21-617845439-3955016971-702090360</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>XPS 8300  </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="6"/><Date>20111017000000.000000+000</Date></BIOS><HWID>1C6C3607018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>FX09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800095-02-1033-7601.0000-0312012
    Installation ID: 021246879266815136609173004672756206737065794643471272
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: RMV82
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 9/25/2012 6:32:39 AM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 8:4:2012 05:34
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LgAAAAEAAQABAAEAAAACAAAAAgABAAEAln2k0i4LUAR0RnC6Yj3WylIO8msucw==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    FX09  
      FACP   DELL    FX09  
      HPET   DELL  FX09
      MCFG   DELL  FX09
      SSDT   AMICPU  PROC
      SLIC   DELL    FX09  
      OSFR   DELL    FX09  

    kevin vaughn

    Tuesday, September 25, 2012 1:33 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    7601 simply means Windows 7 Service Pack 1.  It is not an error message.  If you are getting a non-genuine message then you need to run the full, unedited MGADiag report.  What you have posted is a very incomplete report.  To run the report please follow the instructions in the sticky at the top of this forum titled, Please Read Before Posting.

    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 8GB ram.

    I ran the report again.  It doesn't look much different to me other than the HTTP that I had to delete in the original report in order to be able to post it. (originally the forum would not let me post something with a link until my email was verified, which I had already done but perhaps there was a lag).

    ANYWAY... if the below is still a 'very incomplete report' I don't know what to tell you as I am a non-computer texhnical person and just followed instructions in the Please Read Before Posting a second time.  This time I did not have to delete the HTTP from the URLs. Thank you for your help.

    kevin vaughn

    Tuesday, September 25, 2012 1:42 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    That report it complete - and shows no problems.

    What WGA-related errors are you seeing?

    If you're not seeing problems with activation or validation, then you should repost in the MS Answers forums here...

    http://answers.microsoft.com/en-us/windows/forum/windows_xp-system?tab=unanswered&page=1

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, September 25, 2012 3:15 PM
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote

    That report it complete - and shows no problems.

    What WGA-related errors are you seeing?

    If you're not seeing problems with activation or validation, then you should repost in the MS Answers forums here...

    http://answers.microsoft.com/en-us/windows/forum/windows_xp-system?tab=unanswered&page=1

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Test Mode

    Windows 7

    Build 7601

    That is at the bottom right of my screen.  Isn't that the window genuine watermark thing?  I am not a computer tech kind of person so sorry if I am off-base.

    kevin vaughn

    Wednesday, September 26, 2012 1:23 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    No -the Test mode stamp is from a switch in the OS, and nothing to do with non-genuine :)

    http://support.microsoft.com/kb/2509241 explains it - the procedure is exactly the same for your copy.

    Use the Fixit to reset the switch.

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, September 26, 2012 1:41 AM
    Moderator